OPNsense is a FreeBSD-based specialist operating system (and a fork of pfSense) designed for firewalls and routers. It is developed by Deciso B.V. in the Netherlands. Some of the features of OPNsense include forward caching proxy, traffic shaping, intrusion detection, two-factor authentication and easy OpenVPN client setup. The project's focus on security brings a number of unique features, such as the option to use LibreSSL instead of OpenSSL (selectable in the GUI) and a custom build based on HardenedBSD. OPNsense also includes an update mechanism that delivers important security updates in a timely fashion.

The developers of IPFire, an independent distribution which focuses on security, have announced a new update to their distribution. The latest release, IPFire 2.17 Core Update 95, offers users a number of improvements to the IPsec VPN software and an updated Linux kernel. "This is the official release announcement for IPFire 2.17 Core Update 95 which is a bigger release with a new kernel and various smaller feature enhancements and bug fixes. This update contains a minor update to the Linux kernel IPFire is using based on Linux 3.14.57. Various device drivers for Intel network controllers and some other hardware have been improved. strongswan has been updated to version 5.3.3 and much work was done on the IPsec VPN stack. The changes include feature enhancements and bug fixes. It is now possible to configure more than one subnet per IPsec net-to-net connection- That makes configuration for more complex networks easier and also reduces the overhead for the IPsec connection." Further information can be found in the project's release announcement. Downloads (SHA1): ipfire-2.17.i586-full-core95.iso (157MB, torrent, pkglist).

IPFire is a Linux distribution that focusses on easy setup, good handling and high level of security. It is operated via an intuitive web-based interface which offers many configuration options for beginning and experienced system administrators. IPFire is maintained by developers who are concerned about security and who update the product regularly to keep it secure. IPFire ships with a custom package manager called Pakfire and the system can be expanded with various add-ons.

IPFire is a Linux distribution which focuses on security and is suited for being used as a firewall. Administration is handled through a web interface. The project has released a new update to its 2.19 series: IPFire 2.19 Core Update 120. The new version removes old and broken cryptography functions and introduces new security requirements: "Cryptography is one of the foundations to a secure system. We have updated the distribution to use the latest version of the OpenSSL cryptography library (version 1.1.0). This comes with a number of new ciphers and major refacturing of the code base has been conducted. With this change, we have decided to entirely deprecate SSLv3 and the web user interface will require TLSv1.2 which is also the default for many other services. We have configured a hardened list of ciphers which only uses recent algorithms and entirely removes broken or weak algorithms like RC4, MD5 and so on. Please check before this update if you are relying on any of those, and upgrade your dependent systems." A complete list of changes can be found in the project's release announcement. Download (SHA1): ipfire-2.19.x86_64-full-core120.iso (171MB, torrent, pkglist).

IPFire is a Linux distribution that is focused on easy setup, good handling and high level of security. It is operated via an intuitive web-based interface which offers many configuration options for beginning and experienced system administrators. The project has released a new update, IPFire 2.19 Core Update 117, which features several security fixes and improvements. "One moderate and one low security vulnerability have been patched in OpenSSL 1.0.2n. The official security advisory can be found here. It is now possible to define the inactivity timeout time when an idle IPsec VPN tunnel is being closed. Support for MODP groups with subgroups has been dropped. Compression is now disabled by default because it is not very effective at all. strongswan has been updated to 5.6.1. It is now easier to route OpenVPN Roadwarrior Clients to IPsec VPN networks by choosing routes in each client’s configuration. This makes hub-and-spoke designs easier to configure." Further details can be found in the distribution's release announcement. Download (SHA1): ipfire-2.19.x86_64-full-core117.iso (173MB, torrent, pkglist).

IPfire is an independent Linux distribution for use on firewalls and routers. The project has released a new update, IPFire 2.19 Core Update 113. The new version includes the "Who Is Online" utility to assist administrators is viewing which network devices are connected. "This is the official release announcement for IPFire 2.19 - Core Update 113. The change log is rather short, but comes with a big new feature - Who Is Online? (or WIO in short) has finally arrived on IPFire. It is a built-in monitoring service for the local network showing what devices are connected, which ones are on line and can also send alarms on various events. Give it a try!The DNS root keys have been updated to make DNS work beyond October 2017 after the DNSSEC key rollover has been performed. Serial consoles now automatically detect the baudrate after the kernel has been booted. Package updates - Bind 9.11.2, GnuTLS 3.5.14, libgcrypt 1.8.0, Nano 2.8.6, Squid 3.5.26..." Further details on this release and its updated packages can be found in the project's release announcement. Download (SHA1): ipfire-2.19.x86_64-full-core113.iso (167MB, torrent, pkglist).

Michael Tremer has announced a new update to the IPFire distribution for firewalls. The new version, IPFire 2.19 Core Update 111, features a number of security improvements which allow IPFire to connect to wireless networks and drops older (potentially vulnerable) cryptography functions for newer, stronger ones. Quality of Service (QoS) handling now uses multiple CPU cores when available in order to offer better performance. "The firewall can now authenticate itself with a wireless network that uses Extensible Authentication Protocol (EAP). These are commonly used in enterprises and require a username and password in order to connect to the network. IPFire supports PEAP and TTLS which are the two most common ones. They can be found in the configured on the 'WiFi Client' page which only shows up when the RED interface is a wireless device. This page also shows the status and protocols used to establish the connection. The index page also shows various information about the status, bandwidth and quality of the connection to a wireless network. That also works for wireless networks that use WPA/WPA2-PSK or WEP." Further details can be found in the distribution's release announcement. Download (SHA1): ipfire-2.19.x86_64-full-core111.iso (173MB, torrent, pkglist).

IPFire is an independently developed Linux distribution with security and firewall configuration in mind. The distribution can be managed through a web-based interface. The IPFire project's latest release, IPFire 2.19 Core Update 110, features on-demand IPsec VPNs and performance improvements for DNS queries. "This is the official release announcement for IPFire 2.19 - Core Update 110. This updates comes with some exciting new features as well as updates of many system packages and many bug and security fixes. IPFire used to keep IPsec VPNs up all the time. This wastes resources if a connection is not used very often for example for a daily backup only. Core Update 110 allows to configure IPsec VPNs in an On-Demand mode which will establish the connection as soon as it is needed and will close it after 15 minutes of inactivity to save resources. This is especially handy for people who have a large number of IPsec net-to-net connections on either weak hardware or connections that are not required all the time like maintenance or backup connections, etc." These and other changes are detailed in the project's release announcement. Download (SHA1): ipfire-2.19.x86_64-full-core110.iso (165MB, torrent, pkglist).

The IPFire project has announced an update to the security-minded Linux distribution. The new release fixes some issues with the project's 2.19 series and carries the name IPFire 2.19 Core Update 108. "Just before Christmas, we are going to release the last Core Update for 2016. IPFire 2.19 - Core Update 108 brings some minor bug fixes and feature enhancements, some security fixes in ntp and various fixes in the squid web proxy. Asynchronous logging is now enabled by default and not configurable any more. This made some programs that wrote an extensive amount of log messages slow down and possible unresponsive over the network which causes various problems. This was seen on systems with very slow flash media and virtual environments." The release announcement includes further details and list of updated packages. Download (SHA1): ipfire-2.19.x86_64-full-core108.iso (163MB, torrent, pkglist).

The IPFire project has announced a new update to the distribution's 2.19 series. The new version, IPFire 2.19 Core 103, features updates to the Squid proxy service, ClamAV anti-virus software and Tor networking software. "The web proxy Squid has been updated to the 3.5 series and various improvements for stability and performance were made. On machines with slow hard disks or on installations with very large caches it was likely to happen that the cache index got corrupted when the proxy was shut down. This resulted in an unstable web proxy after the next start. The shutdown routine was improved so that a cache index corruption is now very unlikely. Additionally we have means installed that allow us to detect if the cache index was corrupted and if so have it automatically rebuilt at the next start. This update will delete the presumably corrupted index on all installations and start a rebuild of the index, which could result in slow operation of the proxy for a short time after installing the update. Details can be found in the project's release announcement. Download (SHA1): ipfire-2.19.x86_64-full-core103.iso (160MB, torrent, pkglist).

The IPFire project has released the 100th update to the project's 2.19 branch. The new version, IPFire 2.19 Core 100, introduces a 64-bit build along with an updated Linux kernel. "It is a great moment to us and we are very proud to release the 100th Core Update today. This update will bring you IPFire 2.19 which we release for 64-bit on Intel (x86_64) for the first time. This release was delayed by the various security vulnerabilities in OpenSSL and glibc, but is packed with many improvements under the hood and various bug fixes." A number of fixes have been backported to the project's Linux kernel: "As with all major releases, this one comes with an updated Linux kernel to fix bugs and improve hardware compatibility. Linux 3.14.65 with many backported drivers from Linux 4.2 is also hardened stronger against common attacks like stack buffer overflows. Many firmware blobs for wireless cards and other components have been updated just as the hardware database." Additional information can be found in the project's release announcement. Download (SHA1): ipfire-2.19.x86_64-full-core100.iso (159MB, torrent, pkglist)

The development team behind IPFire, a independent Linux distribution for firewalls, has released a new update. The new release, IPFire 2.17 Core Update 94, includes a number of package upgrades, including OpenSSH 7.1p1. This release also cleans up the web interface and includes a mail agent in the base system. "OpenSSH was updated to version 7.1p1. With that we added support for elliptic curves (ECDSA and ED25519) and removed support for DSA which is considered broken. Too small RSA keys are removed as well and regenerated. These changes may require to import the keys of the IPFire system on your admin computer again. An internal mail agent was added that is used by internal services to send out reports or alerts. So far only a few services use this (like the squid accounting add-on), but we expect to add more things in the future. This is a very simple and lightweight mail agent that can be configured on the web user interface and will usually require an upstream mail server." Further details on the release of IPFire 2.17 Core Update 94 can be found in the project's release announcement. Downloads (SHA1): (157MB, torrent, pkglist).

The developers of IPFire, an independent Linux distribution designed to be run on firewalls, VPNs and network gateways, have released IPFire 2.17 Core Update 93. The new release includes a number of bug fixes and expands support for dynamic DNS services. "This is the official release announcement of IPFire 2.17 - Core Update 93. This update comes with various security fixes in the Squid web proxy, the dnsmasq DNS proxy server and the Perl-compatible regular expressions library. ddns, our dynamic DNS update client, has been updated to version 008. This version is more robust against network errors on the path and server errors at the provider. Updates will then be retried frequently. The providers joker.com and DNSmadeEasy are now supported. A crash when updating namecheap records has been fixed. Pakfire was fixed and now correctly pulls additional dependencies of add-on packages when updating from an older version. TRIM is disabled on some SSDs with known firmware bugs that cause data loss." Further information can be found in the project's release announcement. Downloads (SHA1): ipfire-2.17.i586-full-core93.iso (157MB, torrent, pkglist).

The IPFire project, which makes an independent open source firewall solution, has announced an important security update to their distribution. The new release, IPFire 2.17 Core Update 91, patches known OpenSSL and IPsec vulnerabilities. "This is the official release announcement for IPFire 2.17 – Core Update 91. This update comes with various security fixes - most notably fixes for six security vulnerabilities in the OpenSSL library and two more vulnerabilities in strongSwan. OpenSSL security vulnerabilities: There are six security vulnerabilities that are fixed in version 1.0.2b of openssl. This version contained an ABI breakage bug that required us to wait for a fix for that and rebuild this Core Update... StrongSwan IPsec security vulnerability: In strongSwan 5.3.1, a security vulnerability that is filed under CVE-2015-3991 was fixed. A denial-of-service and potential code execution was possible with specially crafted IKE messages. IPFire ships now version 5.3.2 which fixes a second vulnerability (CVE-2015-4171)." The IPFire project recommends installing the new security update and rebooting the distribution to make sure these serious vulnerabilities have been patched. Further information can be found in the project's release announcement. Downloads (SHA1): ipfire-2.17.i586-full-core91.iso (156MB, pkglist).

The IPFire team has announced the release of IPFire 2.17 Core Update 90. The new release offers a number of security enhancements, including the use of GeoIP filtering and the disabling of vulnerable security protocols. The project's kernel and system services have also been updated and patched against known vulnerabilities. "Attackers originate from all sorts of places in the world. Often huge networks of bots scan the entire Internet for services that are publicly accessible and possible to exploit. With GeoIP-based blocking it is possible to mitigate many of those scans to take off the load of the firewall engine and to secure those publicly accessible services. With GeoIP-based firewall rules it is possible to filter incoming and outgoing traffic related on their source or desired destination countries." Further details are available in the project's release announcement. Downloads (SHA1): ipfire-2.17.i586-full-core90.iso (156MB, torrent, pkglist).

Michael Tremer has announced the launch of IPFire 2.17 Core 89. This new release brings a number of new features to the specialist firewall distribution, including VPN connection graphs, a list of new providers and improved error handling. "This is the official release announcement of IPFire 2.17 - Core Update 89. This one comes with some new features, many updates of software packages and various minor bug fixes. OpenVPN Net-To-Net Statistics: Connection statistics of OpenVPN net-to-net connections are now collected and graphed. They show incoming and outgoing traffic of the
VPN connections and compression ratios. Dynamic DNS Updater: The dynamic DNS updater tool ddns has been massively extended - A database is used to track successful and failed updates. ddns will automatically back-off when an update could not be performed and will re-try after a longer time. nsupdate.info asked to never repeat any updates after one has failed for any reason..." Further information can be found in the project's release notes. Downloads (SHA1): ipfire-2.17.i586-full-core89.iso (155MB, pkglist).

Michael Tremer has announced the release of IPFire 2.17 Core 87, a major new update of the project's specialist distribution for firewalls, featuring an updated kernel and GRUB 2 bootloader: "This is the official release announcement for IPFire 2.17 - Core Update 87, a new major version of the IPFire firewall distribution coming with all sorts of new features and bug fixes. Most of the work has been done under the hood and in the Linux kernel. This has been updated to version 3.14 and brings better support for various hardware and stability fixes. Various device drivers have been backported from more recent versions of the Linux kernel to combine great stability with best hardware support. Stability for various ARM platforms has been improved and support for more has been added. Among the new devices are the Banana Pi and Banana Pro boards. Please check out the list of supported ARM boards on the IPFire wiki. The installer program that helps to install IPFire has been very much improved." Read the rest of the release announcement for a full changelog. Download: ipfire-2.17.i586-full-core87.iso (154MB, SHA1, pkglist).

Michael Tremer has announced the release of IPFire 2.15 Core 86, a new stable build of the project's specialist Linux distribution for firewalls: "This is the official release announcement of IPFire 2.15 - Core Update 86 which brings various security fixes across several packages. Hence we recommend installing this update as soon as possible and to execute a reboot afterwards. The openssl library which implements the TLS/SSL protocol and is used by various other packages in the system has been updated to version 1.0.1k. This release fixes eight security issues that have all been classified with 'moderate'. OpenVPN has been updated to version 2.3.6 which also fixes a security vulnerability that allowed remote authenticated users to cause a denial of service. strongSwan has been updated to version 5.2.1. Originally, Core Update 86 was planned to become IPFire 2.17. This release has been postponed because we still require some people to send us feedback." The release announcement. Download: ipfire-2.15.i586-full-core86.iso (132MB, SHA1, pkglist).

Michael Tremer has announced the release of IPFire 2.15 Core 84, a new stable release of the specialist distribution designed for firewalls: "This is the official release announcement for IPFire 2.15 Core Update 84. This is a release that fixes some security issues in the GNU Bash package which are commonly known as 'Shellshock' and it comes with more fixes and minor feature enhancements. As you may have already seen on the news, the Shellshock issues made more people look into the code of the default shell of many *nix systems. Those people found many more programming errors and provided fixes for them which have been applied in this release. IPFire is now shipping GNU Bash 4.3.30 and the companion library readline in version 6.3. There have been some denial of service issues in the Squid web proxy which have been fixed in release 3.4.8. Those are of minor severity only and quite possibly cannot be exploited to inject code. The firewall got a couple of new features which I explained in detail in a post on the IPFire planet." Read the rest of the release announcement for a more detailed changelog. Download: ipfire-2.15.i586-full-core84.iso (132MB, SHA1, pkglist).

Michael Tremer has announced the release of IPFire 2.15 Core 82, a new stable release of the specialist distribution designed for firewalls: "This is the official release announcement for IPFire 2.15 Core Update 82. This Core Update's main features are the inclusion of the crowd-funded Windows Active Directory Single Sign-On Web Proxy and the option to disable masquerading (NAT) on the local networking interfaces. In addition to that, several system libraries and tools have been updated, and minor bugs have been fixed. Proper and secure authentication against the Squid web proxy has not been possible in IPFire before. The 'Windows' authentication has been broken for a long time since there were bigger changes in the Windows Domain Controllers. This update adopts IPFire to the new and secure Active Directory authentication interfaces which use the SMB and Kerberos protocols." Read the rest of the release announcement for a more detailed changelog. Download: ipfire-2.15.i586-full-core82.iso (132MB, SHA1, pkglist).

Michael Tremer has announced the release of IPFire 2.15 Core 80, a new stable release of the project's specialist Linux distribution for firewalls: "This is the official release announcement for IPFire 2.15 Core Update 80. It comes with lots of new features, some bug fixes and some minor security fixes. There has been a crowd-funding on the IPFire wishlist which raised money for implementing a DNSSEC validating DNS proxy. The DNS proxy service that is running inside of IPFire has been forked and some features that were dropped in the upstream version have been backported. IPFire now validates every DNS response of zones that are signed. If the DNSSEC signatures do not validate a DNS error is raised and therefore spoofing attacks are not longer possible. However, it is not sufficient for the internal DNS proxy to have DNSSEC enabled. Client systems should validate DNSSEC records." Continue to the release announcement for full details. Download: ipfire-2.15.i586-full-core80.iso (128MB, SHA1).

Michael Tremer has announced the release of IPFire 2.15 Core 79, the latest stable release of the project's specialist Linux distribution for firewalls: "IPFire 2.15 Core Update 79 is finally arriving with many bug fixes and enhancements. Among the big changes with this update are lots feature enhancements that massively increase the security level of OpenVPN connections, some enhancements of the web user interface and a lot more awesome stuff under the hood. The OpenVPN capabilities have been massively extended by Erik Kapfer. The certificate authority that can be created on the OpenVPN page now uses much better hashes to protect the integrity of itself. The CA root certificate uses a SHA512 hash and a RSA key with length of 4096 bit. All new created host certificates use a RSA key with 2048 bit length and a SHA256 hash. Additionally, a set of Diffie-Hellman parameters can be generated for better protection of the session keys." Read the detailed release announcement for further information. Download: ipfire-2.15.i586-full-core79.iso (126MB, SHA1).

Michael Tremer has announced the release of IPFire 2.15 Core 77, a new version of the specialist Linux distribution designed for firewalls. This is the project's first release of the 2.15 series and it's a major update. From the release announcement: "This is the official release announcement of IPFire 2.15 (Core Update 77). It is the release with the most changes since the beginning of the IPFire 2 series. Those changes include major work on the base of the system, security has been improved in lots of ways and there are many changes regarding the user interface. The firewall GUI has been in development for over a year now and has been massively extended so that almost everything is possible now. There are groups which make creating rules for multiple hosts or services very easy and help you to hold your nerves, even with complex rule sets. All your rules will be automatically converted, but we recommend to double check that everything works as intended." Download from here: ipfire-2.15.i586-full-core77.iso (122MB, SHA1).

Michael Tremer has announced the release of IPFire 2.13 Core 76, a new build of the specialist firewall distribution that fixes a security issue in strongSwan: "This is the official release announcement for IPFire 2.13 – Core Update 76. It comes with a security fix for the strongSwan package which is responsible for IPsec VPN connections. The vulnerability has got the number CVE-2014-2338. It was possible to bypass the authentication and therefore to overtake a VPN connection whilst the original peers are rekeying. IKEv1 connections are not vulnerable, but IKEv2. Please update as soon as possible. I would also like to draw your attention towards the upcoming release of IPFire 2.15. The first release candidate has been released a couple of weeks ago and we are searching for testers to find any last-minute bugs." Here is the brief release announcement. Download from here: ipfire-2.13.i586-full-core76.iso (103MB, SHA1).

Michael Tremer has announced the release of IPFire 2.13 Core 75, an updated version of the project's specialist distribution for firewalls: "So it is a new year and here is the first update of 2014: IPFire 2.13 Core Update 75. It comes with urgent bug fixes that solve problems introduced in the previous update. Due to a change in OpenVPN 2.3, the common name of the certificate of the user that was connection was formatted in another way than before. As such, the certificate could not be properly validated because it was searched for with a different name. This update ships a fixed version of the verify script that can work with both formats of the common name. Because of a related cause, the route configuration was not pushed to some clients when they connected. This issue, filed under bug id #10323, has been addressed in this update." See the release announcement for more information. Download: ipfire-2.13.i586-full-core75.iso (103MB, SHA1).

Michael Tremer has announced the release of IPFire 2.13 Core 74, an updated version of the Linux-based, security-hardened distribution for firewalls: "IPFire 2.13 Core Update 74 released. It comes with a bunch of minor updates and fixes some minor bugs. Update to Squid 3.3.11. The latest maintenance update of the Squid web proxy package has been applied. The maximum number of file descriptors has again been increased to 1,048,576 and the issue which made it was impossible for the Squid daemon to set the desired configuration value has been fixed. The OpenVPN package has been updated to version 2.3.2. strongSwan, the package responsible for IPsec VPN connections, has been updated to version 5.1.1. The HTTPS key and certificate that are used for communicating with our IPFire web user interface has been increased to 4,096 bits. This follows the general advice by various authorities. New installations will automatically generate a longer key." Read the release announcement for further details. Download: ipfire-2.13.i586-full-core74.iso (103MB, SHA1).

IPFire 2.13 Core 73 is the latest stable release from the project that provides a hardened firewall distribution with corporate-level network protection: "IPFire 2.13 Core Update 73 comes with a bunch of smaller bug fixes and updates. The most important ones of these are updates of the Squid web proxy server, OpenSSH and the PHP Hypertext Processor. It is recommended to update as soon as possible. The Squid web proxy server has been updated to version 3.3.10. The most notable changes since the current version of Squid running in IPFire are better SMP scalability, an updated logging infrastructure and fixes. The transparent mode has been dropped in favour of the more general intercept mode which requires a different port than for the transparent mode. There is no intervention by the user required, when updating your IPFire system." Continue to the release announcement to learn about the changes and updates. Download from here: ipfire-2.13.i586-full-core73.iso (103MB, SHA1).

IPFire 2.13 Core 71, the latest stable release of a hardened firewall distribution offering corporate-level network protection, has been released: "This update comes with some new features and minor bug fixes. It is now possible to assign a wireless adapter as the RED interface. A GUI has been written where you can configure wireless access points, to which the IPFire system will connect when in reach. You will be able to configure backup access points, to which IPFire will switch when the first one is down or out of reach. You can prioritize them, so that you can connect to the best one when ever that is possible. All common encryption technologies are supported. A new GUI has been written on which you are able to define different name servers than the public name servers for your DNS zones. The Intrusion Detection System (IDS) snort has been updated to version 2.9.5." Read the complete release announcement. Download: ipfire-2.13.i586-full-core71.iso (102MB, SHA1).

Michael Tremer has announced the release of IPFire 2.13 Core 70, the latest stable release from the project developing open-source software solutions for routers and firewalls: "Today, the IPFire development team released the 70th Core update for IPFire 2. This update comes with a new kernel and some minor enhancements. Another kernel update to Linux 3.2.48 fixes various smaller bugs. In addition to that, we switched back to the official in-tree drivers for Realtek r81xx-based network adapters. The e1000e and igb kernel modules which control Intel Ethernet adapters have been updated as well. IPFire brings some data for wireless networks which basically contains information about which frequencies may be used in which countries. This database has been updated and covers more places in the world." Read the rest of the release announcement for further information. Download: ipfire-2.13.i586-full-core70.iso (102MB, SHA1).

Michael Tremer has announced the release of IPFire 2.13 Core 69, a new stable version of the project's specialist Linux distribution for firewalls and routers: "Today, the IPFire development team released the 69th Core update for IPFire 2. This update comes with a new kernel and some minor enhancements. The Linux kernel has been updated to address several security issues and other bugs. The kernel is based on Linux 3.2.46 and comes with a newer wireless stack from kernel 3.8.3. Some wireless hardware has got better support in term of stability and we have added some more drivers for several networking hardware like USB Ethernet adaptors and so on. The install disk has got a new bootloader where you now can install other versions of IPFire as well. There are also some diagnostic tools and other installation options available." Here is the full release announcement. Download: ipfire-2.13.i586-full-core69.iso (102MB, SHA1).

Michael Tremer has announced the release of IPFire 2.13 Core 68, a minor bug-fix update of the specialist distribution for firewalls and routers: "Today the IPFire development team released the 68th Core update for IPFire 2. This update brings various bug fixes and minor enhancements. The strongSwan team released version 5.0.4 which fixes an authentication bypass for certificates that use Elliptic Curves. As we don't use them in IPFire by default, this is not too serious an issue, but we still updated the strongSwan package. The update also contains some changes that fix unstable IPsec connections, a minority of users was experiencing. Since Core Update 65, disabling OpenVPN roadwarrior connections had no effect, so that users could still connect. This has also been fixed with this release. The web user interface comes with a new status bar which now has a cleaner design and provides more information." Read the rest of the release announcement for more details. Download (SHA1): ipfire-2.13.i586-full-core68.iso (99.4MB), ipfire-2.13.1gb-ext4.armv5tel-full-core68.img.gz (163MB).

Michael Tremer has announced the release of IPFire 2.13 Core 67, an updated version of the hardened Linux-based appliance distribution designed for use as a firewall: "Today, the IPFire development team released the 67th core update for IPFire 2. This update comes within the usual 4-week schedule and brings various bug fixes. New wireless drivers. With IPFire 2.13 came a new kernel based on Linux 3.2. The wireless drivers were taken from Linux kernel 3.6 and subsequently, some users reported that their hardware did not work as well as it had previously. With this core update, the wireless drivers have been grabbed from Linux kernel 3.8, where numerous problems have been fixed and also new hardware support has been added. Please note that a reboot is required to make use of the new drivers. The driver for ASIX USB network adapters has also been updated to version 4.5." Read the full release announcement for further details. Download: ipfire-2.13.i586-full-core67.iso (93.4MB, SHA1).

Michael Tremer has announced the release of IPFire 2.13, a major new update of the project's specialist distribution for firewalls: "Today is the day on which we officially release IPFire 2.13. We are very proud to have a brand-new milestone release with a lot of exciting, new features. The list of changes, enhancements, and fixes is endless, but we would like you to pay special attention to the following features which we're the most excited about. The most important components of the base system have been updated to include a brand-new kernel based on the Linux 3.2 release. With that, IPFire now supports more hardware than ever before and many of the hardware problems from the past should be gone. The most basic system libraries have been replaced as well, giving us great performance and fixing some general security issues." Here is the full release announcement. Download: ipfire-2.13.i586-full-core66.iso (93.4MB, MD5, torrent).

Michael Tremer has announced the release of IPFire 2.11 Core 65, the latest update of the project's specialist firewall distribution: "Today, the last core update for IPFire 2.11 in this year has been released. It is the 65th of the IPFire 2 series and comes with some new features and bug fixes. Alexander Marx developed a graphical interfaces with help of which one can configure OpenVPN roadwarrior clients individually. It is possible to add routes, different DNS servers, static IP addresses to individual roadwarrior clients. One may also add networks from which IP addresses may be assigned to clients. Those subnets and static IP addresses can be used to create firewall rules and permit clients only to access certain parts of a network. More work in this area will be released in the future." More information on new features can be found in the release announcement. Download: ipfire-2.11.i586-full-core65.iso (77.9MB, torrent), ipfire-2.11.2gb-ext2.armv5tel-full-core65.img.gz (126MB, torrent).

Michael Tremer has announced the release of IPFire 2.11 Core 64, a specialist firewall distribution, with updated intrusion detection software and fixed MAC rules: "Today, we are releasing the 64th Core Update for IPFire 2.11. The Intrusion Detection program Snort has been updated to version 2.9.3.1, the corresponding daq library to version 1.1.1. This enables Snort to work with the latest VRT rule set. Outgoing firewall - the broken MAC rules have been fixed. It was impossible to use the MAC rules to allow hosts to access the Internet. A bigger rewrite of the code fixes this problem and makes the outgoing firewall a bit more performing. Minor bugs and feature enhancements: update accelerator - the path to the delete icon has been fixed; pakfire can now use the XZ compression." See the release announcement for more details and a note on the upcoming IPFire 2.13. Download: ipfire-2.11.i586-full-core64.iso (77.8MB, torrent), ipfire-2.11.2gb-ext2.armv5tel-full-core64.img.gz (126MB, torrent).

Michael Tremer has announced the release of IPFire 2.11 Core 63, a bug-fix version of the project's specialist distribution for firewalls: "Today, we are releasing the 63rd Core update for IPFire 2.11. This update fixes some minor problems and fixes two security issues in Apache. Software updates: Apache 2.2.23 - because of CVE-2012-2687 aka CVE-2008-0455 and CVE-2012-0883; DHCP 4.2.2 - because the older version got confused with VLANs; fireinfo 2.1.6 - ignore some more invalid ID strings. Other bug fixes: the long awaited OpenVPN fragment/mssfix bug has been fixed and the network VLANs initscript is not too noisy any more. Despite that, some invalid HTML output was generated by the index.cgi script." Here is the brief release announcement. Download for the i586 or ARM architectures: ipfire-2.11.i586-full-core63.iso (77.9MB, torrent), ipfire-2.11.2gb-ext2.armv5tel-full-core63.img.gz (126MB, torrent).

Michael Tremer has announced the release of IPFire 2.11 Core 62, a specialist distribution of Linux for firewalls: "Today, we are releasing the 62nd Core update for IPFire 2.11. This update fixes some security problems and also adds some new functionality. We recommend that you update your IPFire installations as soon as possible if you are using the outgoing firewall in mode Fixed: outgoing firewall permits hosts on BLUE to access the Internet. In earlier releases, it was possible for hosts on the BLUE network to access resources on the Internet which are allowed by the outgoing firewall although no permission has been granted to the host (blue access). This is a moderate risk." Read the rest of the release announcement for additional information. Download for the i586 or ARM architectures: ipfire-2.11.i586-full-core62.iso (77.6MB, torrent), ipfire-2.11.2gb-ext2.armv5tel-full-core62.img.gz (126MB, torrent).

Michael Tremer has announced the release of IPFire 2.11 Core 61, a specialist Linux distribution for firewalls: "The IPFire development team has just released the 61st core update for IPFire 2.11. This update brings a lot of exciting changes, new features and several bug fixes. Since IPFire 2.11, OpenVPN net2net (N2N) or site2site (S2S) connections are supported. Here are some of the exciting new features: static routes may be defined for OpenVPN clients; connections can now be renamed when importing them; OpenVPN N2N connections are displayed with their status on the index page; optional client-config-dir (CCD) is supported which enables the option to add configuration parameters for a single client connection. On the connections page, you can now see how much traffic has been transfered over a single connection." The release announcement. Download: ipfire-2.11.i586-full-core61.iso (76.8MB, torrent).

Arne Fitzenreiter has announced the release of IPFire 2.11 Core 58, an updated version of the project's specialist distribution for firewalls: "It is time for a maintenance update of the IPFire series 2 which is called Core Update 58. This update comes with cryptodev, a bunch of security fixes and minor bug fixes. Cryptodev has been ported from BSD and provides the kernel crypto system to the userspace. The advantages we gain from that is much faster hashing, encryption and decryption of data. On a normal system, the performance will double, on systems that come with crypto processors like VIA Padlock or Marvell CESA, the speed will be significantly higher and the CPU load will be much lower. The update is shipping fixes for security issues in OpenSSL 0.9.8u and libpng 1.2.46." Read the rest of the release announcement for more details. Download (SHA1): ipfire-2.11.i586-full-core58.iso (76.6MB, torrent).

Arne Fitzenreiter has announced the release of IPFire 2.11 Core 57, the latest update of the project's specialist distribution for firewalls: "Today, we are releasing Core Update 57 for IPFire 2.11. It is again a minor bug-fix and security update. These components have been updated to address various security issues or potential DDoS attacks - PHP security update to 5.3.10, Apache security update to 2.2.22, Squid, update to 3.1.19. Miscellaneous changes: a bug in the GUI of the outgoing firewall which automatically disabled a rule after it has been edited was fixed; Vim now works better on remote consoles like PuTTY; the welcome banner that is shown to Cisco's Road Warrior VPN client is now customized and says 'Welcome to IPFire - An Open Source Firewall Solution'." See the complete release announcement for more information. Download (SHA1): ipfire-2.11.i586-full-core57.iso (76.5MB, torrent).

Michael Tremer has announced the release of IPFire 2.11 Core 56, a new stable release of the project's specialist distribution for firewalls: "Today, we are releasing Core Update 56 for IPFire 2.11. It is a minor bug-fix and security update. The most exciting new feature can be found in the pre-installed images that automatically scale up the partitions at first boot. If you use a 8 GB SD card, you install the 2 GB image and it will grow the partition sizes to use all space that is available on that SD card. Note: The minimum required size of Flash media has changed from 1 GB to 2 GB. This is because the / partition was too small for installing bigger add-ons. An update of OpenSSL to version 0.9.8t fixes a security flaw that could be exploited in a denial of service attack." Continue to the release announcement for a list of bug fixes. Download (SHA1): ipfire-2.11.i586-full-core56.iso (73.2MB, torrent).

Michael Tremer has announced the release of IPFire 2.11 Core 55, a specialist Linux distribution for firewalls: "Today, we are going to release two new core updates for the IPFire firewall distribution. Core Update 54 - minor feature enhancements and bug fixes. This core update comes with some updates for network hardware that will give more speed and reliability. The web proxy service has been updated as well and consumes less memory in some circumstances, among other improvements. The intrusion detection system rules download is working again for the latest rule set and the hardware status section in the web user interface recognizes more hard drives. Core Update 55 - six security updates in OpenSSL, OpenSSH has been updated to version 5.9p1." Read the full release announcement additional details. Download (SHA1): ipfire-2.11.i586-full-core55.iso (73.1MB, torrent).

Arne Fitzenreiter has announced the release of a major new version of IPFire, a specialist Linux-based distribution for firewalls: "It has already been four years since IPFire 2 was released for the first time. There has been huge progress until today, the release of version 2.11. The biggest new feature in the released version 2.11 of IPFire is the option to create net-to-net VPNs with OpenVPN. Until now, it was only possible to use OpenVPN to create roadwarrior networks, but we kept the easiness of configuring VPN tunnels by just sending configuration archives in ZIP format. To learn how that works, see the reworked documentation on the Wiki. IPsec-VPNs do now support the IKEv2 protocol which allows a more secure, faster and easier connection of the tunnels." See the release announcement for additional details. Download (SHA1): ipfire-2.11.i586-full-core53.iso (73.3MB, torrent).

Michael Tremer has announced the release of a new update of IPFire 2.9, a specialist Linux distribution for firewalls, focusing on easy setup, good handling and high level of security: "This is the 52nd update for the second series of the IPFire firewall distribution. Core Update 52 is addressing several security issues in the web proxy service and the Apache web server. It additionally introduces Russian language support and adds some minor features. It is recommended to install this update as soon as possible and please take notice that both services are restarted when updating. List of changes: Squid 3.1.15 (security fixes), Apache 2.2.20 (security fixes); Ethtool 3.0; web proxy - fix LDAP UTF-8 authentication; add Namecheap as a dynamic DNS provider." Here is the brief release announcement. Download (MD5): ipfire-2.9.i586-full-core52.iso (73.4MB, torrent).

Arne Fitzenreiter has announced the release of IPFire 2.9 Core 51, an updated build of the project's specialist distribution for firewalls: "Core 51 is addressing several security issues in the Linux kernel as well as stability fixes, performance optimization and driver updates. It is recommended to install this update as soon as possible and please take notice that a reboot is required to complete the installation. The update includes the latest Linux long-term kernel of the 2.6.32 series (2.6.32.45) and includes a lot of security fixes and driver improvements. A couple of years ago, there have been problems with some TCP/IP options so these options were disabled to cause less trouble. As technology has developed, these options have now been re-enabled which improves the network throughput a lot." Read the rest of the release announcement for more details and a list of updated device drivers. Download (SHA1): ipfire-2.9.i586-full-core51.iso (73.4MB, torrent).

Arne Fitzenreiter has announced the release of IPFire 2.9 Core 50, a new update of the specialist Linux-based distribution for firewalls: "Today, we release the 50th update of IPFire 2.9. In Core 50 there are updates to Squid (3.1.14), Python (2.7.2), Apache (2.2.19), smartmontools and collectd. From now on, IPFire is installable and configurable in Polish language and there have been a couple of small issues removed on the web user interface. Since 44 months and 50 core updates, IPFire is working better than on the first day. The developers keep working on little updates that improve the base system and add-ons, but also bring major updates along the way. That is why the system runs great on recent hardware and keeps up with new technologies. Special attention is paid to safety-critical problems. Many security issues of third party packages have been patched, tested and delivered within a couple of hours." Here is the "anniversary" announcement. Download (SHA1): ipfire-2.9.i586-full-core50.iso (68.1MB, torrent).

Michael Tremer has announced the release of an updated version of IPFire, a Linux-based firewall distribution: "Today we release IPFire 2.9 Core 47. IPFire 2.9 Core 47 is a bug-fix release and it brings minor feature updates. The most important change, beside the security update of the PHP scripting language, is the opportunity to configure the VLAN IDs that are used for IGMP streaming. PPTP servers that require a host route for the dial-in connection are supported from now on. List of changes: updated PHP to 5.3.5; changed Snort rule download to current Snort version; add SSH ECDSA hostkey for new encryption algorithms; fix add-on service PID/memory display if the add-on name contains numbers; proxy.cgi - fix file name of NTLM authenticator; add outgoing firewall group settings to backup." Here is the full release announcement. Download (MD5): ipfire-2.9.i586-full-core47.iso (65.0MB, or torrent).

Michael Tremer has announced the release of IPFire 2.9 Core 45, an easy-to-use and secure firewall distribution: "Today we release core update 45 which is a bug-fix release and we strongly recommend to install this as soon as possible. List of changes: update of fireinfo to version 2.0.4; update of Squid to version 3.1.10 and fixed 'proxy unable to handle max download size correctly'; update of Snort to current stable 2.9.0.3 and disabled Snort decoder events; update of Memtest86+ (4.20); disabled geode_aes kernel module; fixed unattended restore of backupiso CD; improved vpn-watch; removed core-updates from pakfire cache; fcron - disable mails and fix some cron jobs; outgoing firewall rules now log with LOG prefix despite the drop rules; remove some httpd/cron error log entries. Additionally, there was a lot of clean-up work on the CGI pages of the web interface and lots of tools." Here is the full release announcement. Download (SHA1): ipfire-2.9.i586-full-core45.iso (63.6MB).

Michael Tremer has announced the release of IPFire 2.9, a specialist Linux distribution for firewalls that focuses on easy setup and high security: "After the last maintenance release in November 2010, the developers are proud to release a new version, 2.9. About 400 different changes were implemented in this build and there were about one hundred testers that have installed at least one of the beta versions. IPFire has got a new service that is called 'fireinfo'. This can be enabled as an option and it sends anonymous information about the system to the project. We strongly recommend the users to enable this feature so that we can learn from the statistics that are collected. IPFire 2.9 is based on the latest Linux kernel 2.6.32.28 which will be maintained by the kernel developers for several years. So all of the integrated patches will get into IPFire as well." Read the detailed release announcement for further information. Download (SHA1): ipfire-2.9.i586-full-core44.iso (63.6MB, torrent).

Jan Paul Tuecking has announced the release of IPFire 2.7 Core 40, a specialist distribution for firewalls with a focus on easy setup, good handling and high level of security: "This is the day we release Core Update number 40 which includes the following changes: added a French web interface translation; updated strongSwan to 4.4.1, OpenVPN to 2.1.2, Snort to 2.8.6.1, Python to 2.7; updated drivers - Intel igb network driver 2.3.4, add Huawei Android usbids to option driver, compat-wireless version 2.6.35; changes on the outgoing firewall - re-added the mac filter, fixes on firewall groups; changes on the QoS module - fixed QoS device detection on connection type change, changed QoS port field length to be able to enter port ranges; added IPTV over ADSL (entertain) support (Germany); added DHCPd and dnsmasq configuration customization feature...." Visit the project's news page to read the full release announcement. Download: ipfire-2.7.i586-full-core40.iso (62.3MB, torrent).

Jan Paul Tuecking has announced the release of IPFire 2.7, a specialist distribution of Linux for firewalls: "Today we are going to release IPFire 2.7. At first we will only release the ISO files, the update is not yet available via pakfire. The reason for this is the change of the IPSec software from OpenSwan to StrongSwan and the mandatory changes in the configuration of net2net connections. The update on pakfire will be released next friday, 2010-07-09, so there is enough time to change the IPSec tunnels. There are about 400 changes in the new IPFire version: updated Linux kernel to stable LTS (2.6.32.15); updated OpenSSL to version 0.9.8o; updated Net-SSLeay to version 1.36; switched IPSec from OpenSwan to StrongSwan version 4.4.0; fixed VPN-watch hang at connection re-start; updated Snort to stable 2.8.6; removed snort md5 check, added free space check; added support for alix2 LEDs; added Vodafone K3765 and K4505 usbids to option driver...." Visit the project's news page to read the detailed changelog. Download: ipfire-2.7.i586-full-core38.iso (64.4MB, torrent).

Jan Paul Tuecking has announced the availability of the first release candidate for IPFire 2.7, a Linux-based firewall distribution that focusses on easy setup and high level of security: "After the approval by the release manager we are going to release IPFire 2.7rc1 today. This version is only suitable for testing and should not be used in productive environments. List of changes: updated Linux kernel to stable LTS (2.6.32.15); switched IPSec from Openswan to strongSwan (4.4.0); Updated ALSA (1.0.23); Updated Memtest86+ (4.10); updated kvm-kmod (2.6.33.1); updated OpenSSL (0.9.8o); updated Net-SSLeay (1.36); add Vodafone K3765 and K4505 usb.ids to option driver; add an configuration setting to remove netfilter SIP modules; updated OpenVPN to the stable release; updated Snort to stable 2.8.6...." See the release announcement and changelog for further details. Download: ipfire-2.7rc1.i586-full-core38.iso (64.3MB, MD5).

Jan Paul Tuecking has announced the release of IPFire 2.5 Core 37, a specialist firewall distribution with a web-based configuration interface and a custom package manager: "Today we are going to release IPFire 2.5 Core 37. It brings the following changes: update of OpenSSH to 5.4p1, OpenSSL to 0.9.8n, Apache to 2.2.15; update of sslh to current stable; update of MadWiFi to latest stable; update of lm_sensors to current stable; enabled identd lookup for Squid; fix Cyrus SASL autorun; fix Pakfire ping test to use ICMP again; fix ath5k (no txbuf available); fix disk (media/hardware) graphs with Xen; fix temp readings for some Atom boards; fix urlfilter wasting much memory; add eject command-line tool; add possibility to change the SSH port from 222 back to standard port 22.... Because of the security updates of SSH and SSL, we recommend that all users install this core update." Please find further details in the release announcement. Download: ipfire-2.5.i586-full-core37.iso (77.7MB, MD5, torrent).